def display_pending_cves(release, kernel, last_usn, version, extra_cves=None):
# XXX - convert to an api call (report-pending-fixes is python)
if extra_cves:
extra_cves_arg = ','.join(extra_cves)
else:
extra_cves_arg = ''
if cve_lib.is_active_esm_release(release):
release = cve_lib.get_esm_name(release)
cmd = [
'./scripts/report-pending-fixes', '-D', '--states', '-r', release,
kernel, last_usn, version, '-a', extra_cves_arg
]
debug('Running "%s" ...' % ' '.join(cmd))
return subprocess.call(cmd, universal_newlines=True)
def get_pending_cves(release, kernel, last_usn, version):
# XXX - convert to an api call (report-pending-fixes is python)
if cve_lib.is_active_esm_release(release):
release = cve_lib.get_esm_name(release)
cmd = [
'./scripts/report-pending-fixes', '-r', release, kernel, last_usn,
version
]
debug('Running "%s" ...' % ' '.join(cmd))
cves = subprocess.check_output(cmd, universal_newlines=True)
cves = cves.strip()
if cves == '':
return []
return cves.split('\n')
cve_lib.prepend_field(filename, 'PublicDateAtUSN',
data['PublicDate'])
if args.git_stage:
cve_lib.git_add(filename)
for rel in db[usn]['releases']:
if 'sources' not in db[usn]['releases'][rel]:
if args.debug:
print(
" strange: %s listed, but without any changed sources -- skipping release"
% (rel))
continue
cve_rel = rel
if not cve_lib.is_active_release(
rel) and cve_lib.is_active_esm_release(rel):
cve_rel = cve_lib.get_esm_name(rel)
for src in db[usn]['releases'][rel]['sources']:
if src not in cves[cve]['pkgs'] or cve_rel not in cves[
cve]['pkgs'][src]:
# HACK: ignore abandoned linux topic branches
if src in ['linux-ti-omap', 'linux-qcm-msm']:
continue
# HACK: ignore firefox-* packages since we track
# xulrunner. These existed only from hardy-karmic.
if src in [
'firefox-3.0', 'firefox-3.1', 'firefox-3.5'
]:
continue
# skip eol releases
if not cve_lib.is_active_release(
rel) and not cve_lib.is_active_esm_release(